Roles
What each role can do in your organization.
Hourdini has three roles. Each member of your organization has exactly one of them.
| Role | Best for | What they can do |
|---|---|---|
| Owner | You, your business partner. | Everything. Billing, settings, inviting and removing teammates, sending invoices, and managing API access. |
| Member | A teammate who tracks time and bills work. | Track time, manage clients and projects, draft and send invoices. Cannot change org settings or invite teammates. |
| Viewer | A client-side stakeholder, an accountant, or a contractor scoped to specific clients. | Read-only access. Sees only the clients you grant them. Cannot track time, draft invoices, or change anything. |
Picking the right role
Most of the time:
- Owner for you and any partner. Owners can do everything.
- Member for any teammate who actually does the work and bills it.
- Viewer for anyone who needs to see numbers but shouldn't change them: typically your accountant during tax season, or a client who wants visibility into hours.
Viewers and client access
A Viewer doesn't automatically see every client in your org. They see only the clients you explicitly grant them access to. Everything else in the org (other clients, their projects, time entries, invoices) is invisible to that Viewer.
You pick the initial set of clients when you invite the Viewer. To change it later, open Settings -> Members, click the Viewer, and edit the Client access list. Grants and revocations take effect on the Viewer's next request.
This is what makes Viewer the right role for an external accountant who should see one client's invoices, or a contractor scoped to a single engagement.
Changing someone's role
Open Settings -> Members, click the member you want to change, and pick a different role. Changes take effect on their next page load.
The owner-only safety net
There must always be at least one owner per organization. If you're the only owner and try to demote yourself, the change is blocked. Promote someone else first, or have another owner demote you.
Removing someone
From Settings -> Members, open the member and click Remove from organization. Their time entries, the projects they touched, and the invoices they drafted stay in place. They lose access immediately, and any PATs they minted under this org stop working on the next request.
Roles and tokens
A Personal Access Token (the thing your CLI and AI agent use) carries the same permissions as the user who minted it, at the time of each request. So if you demote someone from Member to Viewer, their existing tokens immediately stop being able to write data. They don't need to mint a new token, and you don't need to revoke the old one for the permission change to take effect.